Speakers

Bob McDowall, R.D. McDowall Ltd.

Yves Samson, Kereon AG

Objectives

You will learn the current regulatory requirements and regulatory expectations for an audit trail (review)

All GMP-relevant data (changes and deletions) should be audit trailed – you will learn how to identify GMP-relevant data

Event and audit logs: you will understand the differences between and what the regulators expect

How should an audit trail review be performed? You will get familiar with the content and the frequency of an audit trail review

Background

Audit Trail Reviews are required by international regulations like US 21 CFR Part 11 and EU GMP Guide Annex 11: Clause 9 requests:

“Consideration should be given, based on a risk assessment, to building into the system the creation of a record of all GMP-relevant changes and deletions (a system generated “audit trail”). For change or deletion of GMP-relevant data the reason should be documented. Audit trails need to be available and convertible to a generally intelligible form and regularly reviewed”

Regulators focus on the (creation), modification and deletion of (GMP-relevant) data while many IT systems are not able to generate audit trails at all or they are not able to generate audit trails for GMP-relevant data.

Therefore, this course is designed to support you to identify GMP-relevant data and how to perform and document an Audit Trail review as part of a second person review.

Target Group

This course is designed for managers and staff from health care industries as well for auditors who are responsible for the organisation and execution of audit trail (reviews) in their companies.

Programme

Why Is An Audit Trail and Its Review Important?

Part 11 and Annex 11 / Chapter 4 requirements for audit trail

Regulatory requirements for audit trail review

Guidance documents for audit trail review

Do I really need an audit trail?

Audit trail vs. system log

Audit trail content

Log files

What and when should I review?

Meaningful audit trails for a meaningful review

What are GMP-relevant Data?

Annex 11 requires that audit trails monitor

GMP-relevant data – what are GMP-relevant data?

Review of Audit Trail Entries

Guidance for frequent is “frequent review” of audit trails

Process versus system: avoiding missing data integrity issues when only focussing on a per system review

What are we looking for in an audit review?

Suspected data integrity violation - What do we need to do?

Technical Controls to Aid Second Person Review of Audit Trails

Technical considerations for audit trail review e.g.

Identifying data that has been changed or modified – how the system can help

Documenting the audit trail review has occurred

Review by exception – how technical controls can help

Have you specified and validated these functions?

Workshop 1: Which Audit Trail to Review?
Attendees will be presented with an overview of the audit trails within an application and the content of each one. Which audit trails should be reviewed and when?

Workshop 2: Identifying GMP Relevant Data
Attendees will be presented with a list of records to identify if they are GMP records and how critical they are to help focus the second person review of audit trail data.
Examples from production, laboratory and QA examples of GMP-relevant data will be provided.

Workshop 3: Reviewing Audit Trail Entries
Attendees will be provided with the output of an audit trail to review and see if any potential issues are identified for further investigation.